docs: add AgentSystems Notary integration#38
docs: add AgentSystems Notary integration#38brandon-agsys wants to merge 2 commits intoagentcontrol:mainfrom
Conversation
|
|
||
| ## What gets notarized | ||
|
|
||
| Each event becomes a canonical JSON record, hashed and pinned to your chosen hash storage. The `pre_execution_record` includes the full Agent Control event — `control_name`, `evaluator_name`, `action`, `matched`, `confidence`, `trace_id`, `span_id`, and the `condition_trace` showing exactly which pattern or rule matched: |
There was a problem hiding this comment.
This appears to change the hashing source from raw payload bytes to canonical JSON. Please clarify which bytes are actually hashed so the verification instructions stay accurate.
There was a problem hiding this comment.
Good catch, @namrataghadi-galileo - the doc was conflating "Agent Control event" with "Notary record."
To clarify: Agent Control events are consumed as a Python dict via event.model_dump() and embedded as the pre_execution_record field of a Notary record (alongside metadata, input, output). The Notary record is what gets JCS-canonicalized (RFC 8785) and SHA-256 hashed - so however you evolve ControlExecutionEvent, Notary's hashing handles it deterministically and past hashes remain verifiable. Verification is sha256(stored_bytes) against the stored hash.
Updated the relevant sections in the latest commit. Thanks!
2 participants
Describe your changes
Adds an Integrations page for AgentSystems Notary — a tamper-evident audit sink for Agent Control events.
Uses the public
register_control_event_sink()API with aBaseControlEventSinksubclass shipped inagentsystems-notary[agent-control].Shortcut ticket
For Galileo internally raised PRs only, please update this with your shortcut ticket.
SC-number
For external PRs, please add the issue (just put the number after the # below, and GitHub will automatically create a link):
Issue: #37
Checklist before requesting a review